The Tech Panda asked a multi-cloud security and application delivery expert about how to go about securing Banking, Financial Services, and Insurance (BFSI).
Any discussion on cybersecurity will invariably involve BFSIs. While digitisation and modernised FinTechs make it easy for users to bank from their devices, their information is at risk.
According to a Deloitte Insights Global Risk Management Survey, 67% of respondents in BFSIs named cybersecurity as one of the three rising risks for their business over the next two years. The survey also found that the number of cyberattacks against financial institutions is estimated to be four times greater than against companies in other industries.
With the rise of millions of digital users and remote workers, the need for FinTechs to cybersecure themselves has ballooned. With the world going online, attackers are using advanced ways to exploit the systems through botnets and DDOS attacks. To overcome these advanced risks, financial institutions also need to adapt to advanced technologies like Artificial Intelligence and Machine Learning.
What are the rising security concerns in the BFSI sector? What’s driving these attacks from hackers?
The Tech Panda asked Dhananjay Ganjoo, Managing Director India & SAARC at F5, a multi-cloud security and application delivery company, who says the BFSI sector is one of the most vulnerable industries as financial services data is amongst the most sought-after data by cybercriminals.
A minor error while deploying a cloud-based application can expose customers’ data to potential cyber fraud, leading to a compromise in banking regulations
“Few of the most prominent cybersecurity threats that the BFSI sector faces are phishing scams, advanced ransomware extortion, sophisticated impersonation fraud, distributed denial of service (DDoS) attacks, and ATM jackpotting,” he reveals.
The past few years saw the increased adoption of the hybrid workforce model and cloud-based applications.
“This new reality has dramatically increased the threat surface area for cybercriminals to exploit. A minor error while deploying a cloud-based application can expose customers’ data to potential cyber fraud, leading to a compromise in banking regulations,” he adds.
Latest Trends in BFSI Security
As a multi-cloud security and application delivery company, F5 observes several trends in the BFSI security sector.
“Today, most organisations are in the digital experience business, including the BFSI institutions. We would see more BFSI players increasingly rely on applications deployed in multi-cloud environments to provide a seamless experience to their customers and ensure uninterrupted business operations,” says Ganjoo.
The hybrid workforce becoming the new reality, BFSI players are also increasingly adopting the Zero Trust security model to prevent bad actors from accessing vital data
Another trend is the increased adoption of edge computing. Based on F5’s latest State of Application Strategy Report 2022, 85% of Indian organizations have plans to deploy workloads at the edge.
“We can anticipate BFSI players building more personalised digital experiences for their customers through edge computing as well,” he adds.
AI adoption is another trend.
“We are also witnessing growth in the adoption of AI-powered analytics tools by BFSI institutions to detect and prevent financial fraud. Lastly, with the hybrid workforce becoming the new reality, BFSI players are also increasingly adopting the Zero Trust security model to prevent bad actors from accessing vital data,” he says.
Mitigating Cyberattacks by Securing BFSIs Endpoints
The rapid deployment of remote working has elevated cybersecurity risk by several levels. The Indian Computer Emergency Response Team (CERT-In) reported over 2.12 lakh cybersecurity incidents by February this year.
“With more BFSI organizations shifting towards a hybrid workforce model, organizations need to protect their environments across the distributed endpoints, as their employees access applications via devices with many endpoints,” says Ganjoo.
Deploying a more robust endpoint security solution with an identity-based set of access control can help BFSIs protect themselves against hijacking and unauthorised use from any originating location
An endpoint is a type of device that a client or a customer can use to remotely connect to computer networks within a BFSI, for example, tablets, smartphones, laptops, smart watches, and desktops.
“To secure multiple endpoints round the clock, they need to protect their applications from application-layer attacks such as SQL injection, cross-site scripting (XSS), and cookie poisoning,” he further explains.
“Deploying a more robust endpoint security solution with an identity-based set of access control can help BFSIs protect themselves against hijacking and unauthorised use from any originating location,” he advises.
Benefits of Cloud Security Adoption & Anti-Fraud Capabilities
Banks have been frequent targets of robbery even in the days of brick and mortar before the internet. Back then, the maximum risk a bank could face was equal to the amount of the physical currency holdings of a particular branch. However, it no longer applies in this Internet age, explains Ganjoo.
A bank robber can perform a heist from anywhere in the world, and the maximum risk has now increased to the assets of the bank’s worldwide customers as well as leakage of sensitive personal data of the customers
“A bank robber can perform a heist from anywhere in the world, and the maximum risk has now increased to the assets of the bank’s worldwide customers as well as leakage of sensitive personal data of the customers. This new heist over the Internet is broadly known as fraud and is a constant and persistent reality for online banking,” he says.
“Adopting a robust combination of cloud security technologies and anti-fraud capabilities can equip BFSI players with the breadth and depth of coverage that financial services organisations need to defend themselves against asset loss due to fraud as well as to protect sensitive customer data,” he adds.
AI-Empowered Analytics Tools
With everyone advancing their digital transformation journeys and deploying more applications with increasing complexity, newer threat surfaces are created. Cybercriminals are taking advantage of this changing application landscape with new attack methods, which are highly organized and financially motivated.
On this messed up threat landscape, Artificial Intelligence (AI) can be a beacon of hope, says Ganjoo.
“Organizations need to use innovative technology to address these next generation of attacks, and AI-powered analytics and security promises to protect at speed. Adopting a robust platform can accelerate web and API cybersecurity through real-time telemetry, with AI-powered analytics for applications distributed across the new landscape, spanning the cloud and the edge.
The F5 Distributed Cloud Web Application and API Protection (WAAP) can help secure web apps and APIs deployed in multi-cloud and distributed environments, simplifying app security while increasing overall efficacy.